Solved

Impersonate Username

Posted on 2004-09-07
10
464 Views
Last Modified: 2012-05-05
Hi all,

First of all thank you Experts Exchange, I can always count on this site for an answer to my problems.

My problem is that I have a program that accesses a folder on a linux running samba.  I want to pass the username and password of a network user via VB6 code so that only the program has access to the samba share.  I do not want individual users to have access to these shares.  I have searched the net and have only come up with a dll called SFImpersonator but not sure how to incorperate this into my code.

Thanks in advance
0
Comment
Question by:m0nsterz
  • 5
  • 5
10 Comments
 

Author Comment

by:m0nsterz
Comment Utility
This is really urgent so I have doubled the points.
0
 
LVL 76

Expert Comment

by:David Lee
Comment Utility
I don't know anything about Linux or Samba.  If you can explain to me how a VB program connects to a share on Linux/Samba, then I might be able to help you figure out how to do this.
0
 

Author Comment

by:m0nsterz
Comment Utility
Hi BlueDevilFan

Maybe I should rephrase my question.  I think that if I was accessing a share on a Windows 2000 server the code would be exactly the same.  Basically what I have is a database running on a server (whether it be Linux or windows 200) makes little difference, as samba makes windows think that the linux server is a windows server) and the front end program is running on a users computer.  I want the program to access the database but I don't want to explicitly give the user permission to access the database.  It is almost like having an Application account on SQL server, except this has an access database instead.  So I want the program when it runs to change the user name and password that it passes to the server to one that has permissions to access the database and when the program closes it changes the user name back to what it was before and the user will be none the wiser.

I hope this explains things a little better.
0
 
LVL 76

Accepted Solution

by:
David Lee earned 500 total points
Comment Utility
If the process is the same as mapping a local drive, then this should do it.

    Dim objWSHNet As New WshNetwork, _
        strDrive As String, _
        strRemotePath As String, _
        strUsername As String, _
        strPassword As String
    'Use whatever free drive letter you choose
    strDrive = "Z:"
    'The path to the share on the Linux/Samba server
    strRemotePath = "\\Server\Share"
    'The username of the account you want to use
    strUsername = "UserName"
    'The password for the account you are using
    strPassword = "Password"
    'Map the drive
    objWSHNet.MapNetworkDrive strDrive, strRemotePath, , strUsername, strPassword
    'When you're all done this will remove the drive connection.
    objWSHNet.RemoveNetworkDrive strDrive, True
    'Always destroy objects to reduce memory leaks
    Set objWSHNet = Nothing
0
 
LVL 76

Expert Comment

by:David Lee
Comment Utility
Oh, a don't forget to add a reference to Windows Script Host Object Model to your program.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:m0nsterz
Comment Utility
I will give this a try and let you know later on today.  Thanks for the quick response
0
 

Author Comment

by:m0nsterz
Comment Utility
Hi BlueDevilFan

Sorry for the delay in the reply but I had to go out of the office for a few days.  I have tried your code manually and it works fine, but is there any way of doing this without mapping a drive.  If the drive is mapped when the program is open then anyone can get onto the server.
0
 
LVL 76

Expert Comment

by:David Lee
Comment Utility
No problem on the delay.  What you want is for the program to be able to access the share but not the user.  That's more a little more complicated.  The only way I can think of off the top of my head is to use the programming equivilent of the Runas command.  Runas allows for a program to be run in a different security context (i.e. under a diffferent account).  It's great for an administrator who may need to run a program under his/her admin account at a user's workstation, saving the need to log the user off and log on as themself.  The same capability can be written into a program.  What it'll mean though is that you'll need two programs.  The first program will be the one the user launches.  It'll be very small and simple since all it'll do is spawn the second program.  But, it'll spawn the second program under a different account, an account that'll have access to the share, which in turn gives the second program access to the share.  Since the program is running in a different security context from that of the user, the program will enjoy access to the share while the user running it will not.  The real issue becomes one of how to store the password for the account the program will use.  If you embed it in the program, then a password change means you have to recompile the program with the new password and issue a new executable to all users of the program.  The alternative to that is to read the password from a file.  Of course if you store the password as clear-text, then anyone who can find the file and knows the account it goes with now has access to the share.  Naturally you can encrypt the password and then write it into a file.  That improves security but the password is still out there and most security types usually get nervous about that sort of thing.  

Another approach would be to go client-server.  The server would sit on the machine where the share is and the client would talk to it.  This simplifies the authentication problem, but, depending on what you want to accomplish, coding the server could be a more significant issue.  Or, you could write a service that'd run on the client computer.  This would work just like client-server would only both components would be on the local computer rather than one on the client and the other on the computer where the share is.  Let me know which approach you'd like to take and I'll do what I can to help you with it.
0
 

Author Comment

by:m0nsterz
Comment Utility
I like the Runas, but would this work on a Windows 98 machine, as this is th OS that the program is running on.  Is it not possible to hide the mapped drive coz if so this would work for me.
Could you elaborate on how the service would work with the authentication on the server.

Thanks for the time you are spending to help me out, much appreciated.
0
 
LVL 76

Expert Comment

by:David Lee
Comment Utility
To the best of my knowledge Runas is an NT/2000/XP/2003 concept.  There's nothing I know of like it in Win98, so Runas is out of the picture.  Is it possible to hide the mapped drive?  I was thinking about that when I wrote my earlier post.  There are various utilities that allow you to hide a drive letter, but I don't know of a way to do it from a program.  Let me think about it and see if I can come up with anything.  

If this needs to run from Win98, then a service isn't the answer.  I'll answer your question though in another post.  Sorry, but I have to run right now.

You're welcome.  Glad to help out.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Introduction While answering a recent question (http://www.experts-exchange.com/Q_27402310.html) in the VB classic zone, I wrote some VB code in the (Office) VBA environment, rather than fire up my older PC.  I didn't post completely correct code o…
The debugging module of the VB 6 IDE can be accessed by way of the Debug menu item. That menu item can normally be found in the IDE's main menu line as shown in this picture.   There is also a companion Debug Toolbar that looks like the followin…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now